As an industry association and standards development organization (SDO), the PDF Association recognizes application security as critical to users' trust. Secure and robust implementation of PDF software is a matter for each software implementor. Any discovered security vulnerabilities should be responsibly reported directly to the vendor or implementor on a case-by-case basis.

On this basis the PDF Association strongly encourages Coordinated Vulnerability Disclosure (CVD).